10 hours 41 minutes
So next we'll talk about DNS, LDAP.
DNS runs on port 53.
So now DNS runs on 53, but also it runs on TCP and UDP.
So what DNS, Domain Name Service, does is it turns these complicated IP addresses into names. So every host has an IP address. But when you want to go look at a popular website like Google or Microsoft, you're not putting in the IP address for their servers. You're putting in a name;
that's called DNS.
So it translates the names. It translates numbers to names
and vice versa.
There's, uh, the Internet maintains a series of root servers across the world that maintain a list of all the Internet domain names
and they're replicated across each other.
So when you go register a domain name,
the name that you buy and the IP that's associated with it are gonna be replicated up into the root servers.
So when you query a name on the Internet,
you query your local DNS server, which is eventually gonna
query up to the root server to find out, okay, where do I go? It's in a tree structure.
So now you can run your own local DNS server, if you're running like an internal network, to help resolve names internally;
that doesn't have to connect to the Internet at all.
It's just local
because, like, Microsoft Active Directory requires DNS.
So we look at a domain name like, uh, www.microsoft.com.
First, it's gonna go look at the root server that's hosting .com, and that's gonna tell it the next server to look at for Microsoft, and then at Microsoft will be a server that says who www is.
That's how a query would proceed.
So now we have.
If I'm doing a DNS, if I'm doing a lookup for a name, like I go visit www.google.com,
my request is gonna be sent over to a DNS server
on port 53, but it's going to be sent as UDP. It's a very small packet.
If it doesn't respond immediately, it can retry and I won't even notice in my lookups. That's why it could be UDP: fast, but not guaranteed delivery. We're just doing a query,
but when we have DNS servers talking to each other and exchanging what's called the zone files (the zone file is the entire list of names to IPs that that DNS server is responsible for maintaining),
we transfer the information to another DNS server to replicate across the Internet.
I go over port 53, but I do it as TCP because I want that
to be reliable. It's like a file transfer.
So when you're doing transfers, you should be... When you do a lookup, you're at
UDP for port 53, but a zone transfer between DNS servers would be on TCP.
An average user will never see that. That's at the sysadmin level.
When you have DNS servers, especially in a Microsoft environment, talking to each other, they'll be doing it over TCP.
DNS is not encrypted.
Uh, it's, it's, uh, it's very susceptible to attack if not secured properly. What people can do is what's called
DNS cache poisoning, or, um,
or redirect. So what happens is, especially if it's not a secure site, that certificate...
We can go
to your machine or to your DNS server. If I hack your DNS server, I can make it so that whenever you go to google.com,
I'm gonna change that match so that the number that you go to is not the real google.com. It is
my server, but you won't know. If you type google.com, you don't know what the IP address is for google.com; you just assume. So instead, you get, uh, you get sent to my server
hosting a page that looks just like google.com,
and, you know, you go type in your search query, and when you hit submit, at the same time, I'm gonna send something bad back with it,
something malicious that you can download. So
that's one of the ways that DNS is exploited
quite a bit.
It's called cache poisoning.
LDAP is Lightweight Directory Access Protocol. It works on port 389.
It's a client-server directory query. Kind of like Active Directory. It means it's, um, it's basically a directory.
You can use it to store any kind of information; most commonly it's used to store usernames, passwords, telephone numbers. There's commercial and open source,
and that travels over port 389.
By default, it's plain text, but you can run it over SSL.
So we'll talk about SNMP, Simple Network Management Protocol:
application layer protocol for managing TCP/IP-based networks.
It consists of a manager and agent that runs as a service on many devices, from workstations to routers. You see it mainly on routers, switches and printers.
Using this, Simple Network Management Protocol is commonly used to gather statistics
from the devices; it can also be used for simple management.
It uses what's called community strings instead of passwords.
So based on the string
that you used to connect to the device determines if you have read access or read/write access to config files.
MIPS. What's that?
I'm not sure what Mrs May
I remember using a long time ago
sounds familiar, but I haven't
SMB, port 445. That's what Microsoft uses for file sharing. When you do Windows file sharing,
it's port 445. Now, make sure that port 445 is only...
That's one of those ones that you shouldn't have open on the firewall. There's no reason you'd do Windows file sharing
outside of your internal network,
at least in the home environment. If you're in a more enterprise network, you might have
445 open internally, but it should never go out to the Internet.
It's been adopted for other operating systems besides Windows, though, so it's always been known on Linux as the Common Internet File System.
And so Linux, Linux users have developed their own alternative, called Samba,
which will emulate Windows, or not actually emulate Windows, but emulate a Windows file server, so it will be able to host Windows file shares over 445.
It can also connect to Windows file shares. So if I'm on a Linux PC, I can connect to a Windows file share on a Windows machine using the right username and password. If I have...
They do have it. It's not
totally reliable. They do have a...
they have their own version of Active Directory, so you can almost host
an Active Directory using Samba on Linux machines and have Windows machines connect to it. But it's not even... all it really does is provide file sharing and centralized username and password; it doesn't have all the intricacies of group policies and
the other features of Active Directory.